You wrote about deplatforming-- heads up that DigitalOcean does deplatform people. I have direct firsthand knowledge of DigitalOcean deplatforming a security disclosure professional reporting a root breach bug.
For your secure backups, I can suggest Tarsnap by Colin Percival, who's a security expert and a frequent contributor on Hacker News. I don't get anything for recommending Tarsnap; I'm just a customer. https://www.tarsnap.com/
I had a terrible, terrifying experience with DO where they hard locked my account for days (and it would have been weeks if I hadn't made a huge stink) because of a misunderstanding. They ban/lock first, ask questions later, and that's not cool and I can't have my (and my customer's) important infrastructure treated that way.
I now use Linode for most of my stuff, and once they have cloud firewalls available in Dallas I'll be moving the rest of infrastructure over as I can.
I really need to write up my story into a blog post I can link to, but until then, I put a recap here a few days ago for anyone interested in the details. Mine wasn't as bad as some people's, but pretty scary personally: https://news.ycombinator.com/item?id=25806086
I’ve had only positive experiences with Linode, including incidents where I faced absolutely massive DDoS attacks.
On the other hand, my account is suspended from DigitalOcean, I have multiple droplets they refuse to give the data to, and they even had the audacity to keep billing me until I did credit card chargebacks. I still have no idea why I was banned.
Maybe because I used the GitHub student pack promo but I had already finished uni? I don’t know.
Another happy Linode user here. They might not have the nicest interface, but their service is top notch and I much prefer their UI to Digital Ocean's any day of the week. I've been with Linode for ten years now.
I guess I’m not terribly surprised. It fits a narrative, not of being overly protective, but of run-of-the-mill incompetence.
Someone once used a DigitalOcean droplet to run an aggressive layer 7 denial of service attack against a service I host. I notified DO via their web form, didn’t get a reply for three days, then got told to email to their abuse@ email address instead.
Dutifully, I mailed abuse@ and included the relevant server logs, gzipped, as an attachment. I got a reply that they won’t open any attachments, please copy and paste the logs directly into the email.
As an outsider, it seems to me as if they have few people with the appropriate technical background staffing their abuse department, so legitimate reports are left uninvestigated due to dumb technicalities like not being willing/able to open attachments, and bogus reports are accepted without thought or understanding as to the appropriate course of action.
They're definitely on the theater side of security. I've got locked out of my account multiple times for no reason.
Furious the second time, I sent a crafted image of an invalid ID to check if they actually even care. It seems they don't, as the account got unlocked all the same.
I think you should make a blog post with screenshots calling them out for this ridiculous hypocrisy.
Of its own the blog post won't do anything, but the next time they're being overeager and shutting down a legitimate customer, you can link to that and corner them to fix their procedures.
This is the most offensive part to me, I can't even sign up or use DO without having my privacy invaded and sold (they load multiple fingerprinters from different third party vendors that also then share this data) yet they still don't have a handle on abuse.
I get so much rubbish from DO space, nonstop port scanning at absurd volumes (sometimes totaling 6 digit+ pps), from customers that haven't been removed in years. massscan/zmap from people with a fake opt out page (that I shouldn't need to be opting out of), etc.
They flagged my account and pulled 100% of my servers with no mitigation for 12 hours until I convinced them I was legitimate. DO still handles that incredibly poorly, which is the reason we no longer host anything critical there.
Also both tarsnap and S3 have no idea what content they’re storing on your behalf. (Everything is encrypted at rest). So for tarsnap, deplatforming should never be an issue.
I used to use Tarsnap and am still stuck with it in several projects. I wish I weren't. Restoring backups takes ages. If you need to restore a production server in an emergency, and the whole server remains down for an hour because that's how long Tarsnap takes to restore some tens of Gigabytes, then you will very quickly look for alternatives. I raised this issue with Colin, Tarsnap's creator, multiple times. And the answer has always been "maybe some day". I now simply encrypt backups myself and store them in an S3 or Linode bucket. Much faster. For personal backups, I love restic syncing to Backblaze, where I back up 1.4 TB or so for $5 per month.
$0.25 /GB is pretty expensive. I'm using Hetzner Storage Box [1] which has tonnes of connectivity options where 1TB is only 9.40€ (works out at 0.0094€ /GB)
Yeah I've been with them for 8 years as they're the best value hosting provider [1] I've found, which I use for all my memory or computational heavy workloads as they come at a fraction of the cost of what it would cost on AWS.
I would actually compare DigitalOcean to a Facebook or a Google or an Instagram. You’re banned or blocked and cannot reach a human to find out why or what can be done. DO support is just a bunch of auto mailers sending the same template emails, in my experience.
As tarsnap is run by a single person, it seems hard to suggest it to serious businesses due to the inherent risks there as well as the extremely high storage costs and difficult cleanup procedures compared to competing tools. I tend to prefer solutions like restic + B2 for their price and support, where you at least have a larger company behind the storage backend, you could even directly use it with S3 and it'd still be cheaper than Tarsnap.
Oh my word, that article on tarsnap is a frightful bore. I was a tarsnap customer and I thought it was great. If Colin is happy running it more like a utility than a rapacious VC-backed hyper-growth racket, I'm not sure why that is bad.
The only reason I stopped being a customer was because another rapacious racket of a business, Comcast, introduced miniscule but enforced data caps in my area, so online backups aren't attractive anymore and I've gone back to external drives and offsite rotation. When I cancelled, Colin sent me a personal e-mail to make sure it was alright to delete my backups. It was probably the best exchange I've ever had with a service provider.
> If Colin is happy running it more like a utility than a rapacious VC-backed hyper-growth racket, I'm not sure why that is bad.
I don't doubt your happiness, but I confess that I'm having trouble reconciling "running it more like a utility" with charging 25¢/GB per month for storage. That is just staggeringly high. What I'm paying $6/month for with Arq would be over $160/month if I were using Tarsnap, and I'm getting end-to-end encryption, deduplication, and versioned file backups. What advantages does Tarsnap bring to the table that justify such a tremendous cost?
The whole point of a backup service is that most of the time you don't need it at all, but when you do need it you really need it. From that perspective, it's like paying for insurance.
I'm not a tarsnap customer, but I think what you're paying for is a service built by a literal obsessive genius that will 100% work when the chips are down.
Unfortunately restic was a no go for me due to not being compatible with B2 keys that only have the permissions readFiles,writeFiles,listBuckets,listFiles (no deleteFiles). I don't want the attacker to be able to delete any backups if the manage to get to the B2 keys.
In short, give rclone your keys, (small ~/.rclone config file) tell restic to use an rclone backend and add an extra argument when running restic. (See the blog link above, all explained)
There's an open issue for this which doesn't seem to have moved: https://github.com/restic/restic/issues/2134 - it does have a couple of PRs linked on there which implement proper soft-delete.
Yes. Having family help out on a 1-man show is an entirely different beast than hiring a full-time employee with wages, taxes, and healthcare. One of these two is a life-long trusted human that you've shared numerous life experiences with, the other is not.
Looks like the brother just does the merges? (which are mostly automatic) so IMO best it matters because it's still mostly a one man, or at least a one family operation - i.e not very resilient to random acts of nature (which backups are supposed to protect from)
When a business becomes serious? Do you need to hire several workers to look legitimate? If that's still not enough, do you need to make yourself a slave of VC?
Only problem I can see is that one man operation is susceptible to the run over by a bus scenario.
However that is still better than a woke VC asking the "owner" to cancel some users.
I would seriously prefer a service like this to be run by a two man team. Or at least have a guarantee that I'll get automatically notified if something happens to a sole operator.
My issue with tarsnap vs Dropbox is entirely workflow. Right now I can treat my Dropbox effectively as an external drive that happens to live on my file system by making everything selectively synced. If I want something backed up, I just drag it into that folder. But once it’s backed up I can turn on selective sync and free up my disk space.
Backup of personal data is often a 1-way endeavor — here’s a dump of photos I scanned that I don’t need to look at anytime soon. But with tarsnap I can’t do that, nor can I then have the ease of browsing to the file and just opening it while it transparently downloads on demand.
Colin Percival is obviously a smart and very skilled guy but I am mystified why people on HN keep recommending tarsnap, it seems a terrible product for almost any imaginable audience.
If I'm a normal end user, I will probably get a vastly easier to use product at about 1-10% of the price from Backblaze. And if I'm a serious business that can easily afford the > 10x premium and engineering to configure the backup I probably wouldn't want to entrust it to some company with what looks to be a bus factor of one and the apparent technical limitation that a restore might cost me a few DAYS of unanticipated downtime [1].
I mean, sure, if you are some unix nerd wanting to backup your dotfiles and a few small documents (or repos) for maybe around ~$50/year, why not go with some artisanal backup service for HN street cred (and a laudable open source donation policy)? But what other good use cases are there?
E.g. relative to the author's script, tarsnap get you automatic deduplication across backups... which, if you're like me and basically generate more and more data, allows you to store lots of historic backups at basically no overhead over just storing today's data.
Tarsnap does have real downsides - restores can indeed be slow, bare per-GB cost is high, and "like tar" is not a user interface that everyone will like - but there are definitely upsides, too.
That's why so far best idea is to go bare metal with couple of different providers and sync data to multiple servers. In case one provider decides to cancel you, you can still have your data in another place. You can also have a copy at your own server. To have access to all machines as if they were on a local network, you can use tinc-vpn or for convenience ZeroTier.
what's the advantage of tarsnap over say, doing an encrypted backup with borg to my gdrive folder? I've never heard of Google random deleting encrypted blobs from people's storage and it's way cheaper
There is a lot of open source file sync software out there (ownCloud, NextCloud, Seafile, Syncthing, ...) that would be much better suited for a self-hosted Dropbox replacement than a single bash script. You are many orders of magnitude more likely to lose your data due to a code bug or unstable network than deplatforming.
I looked into setting up something of the sort for myself a little while ago, but unfortunately the pricing just isn't feasible if you have a large amount of data (say a few hundred GBs). You could easily end up paying more than $100/mo for storage + compute + bandwidth, while Dropbox and others charge ~$6-$10/mo for like 2TB.
OVH Cloud in the U.S. has servers with 32GB of RAM and also 2x2TB drives starting at $59/mo and unmetered bandwidth. (both of these are French companies that are expanding into the U.S.) If you are interested in other locations (including Canada), check out ovh.com, kimsufi.com, and soyoustart.com (all part of the enormous OVH global footprint).
If you're in EMEA, or don't mind an extra 100 or so millisecond (SSH works fine), check out OVH and Scaleway (France), and of course Hetzner (Germany). Each of these offer dedicated servers for very reasonable prices, and copious amounts of bandwidth with reasonable pings to almost anywhere.
For example, https://www.kimsufi.com/us/en/servers.xml currently has 500GB hard drive servers with Intel Atoms available for $5/mo in both Canada and France, or bigger hard drives for just a few bucks more. This is OVH's cheapest line of servers, but OVH does a pretty extensive burn-in test before deploying them to you, and they tend to be pretty solid. (keep backups in case a hard drive fails, but that's always a good idea anyway.)
I'm a big Hetzner dedicated server fan. I've been using them for 5 years after switching from OVH. Its astounding the amount of hardware and transfer they offer for a extremely reasonable price.
You can host Nextcloud at your home using something like NextcloudPi+DDNS (https://nextcloudpi.com) or HomeDrive (https://homedrive.io, which has ngrok-ish end-to-end tunnels integrated), and the monthly cost would be almost $0. :)
It's cheap if you already own the hardware. Even $300 could be 50 months (4 year) of a remote server at the prices suggested by some of the posts in this page.
Furthermore self hosting a backup server at home doesn't protect against burglars and fires. You'll probably lose both your data and their backup.
That's why I prefer a local backup plus a remote one (a combination of git repositories and file storage. )
I recently set up Nginx on a DO droplet as a reverse proxy to my home server over Wireguard. It's not $0 but it doesn't directly expose my home IP. And I have an authoritative resolver on the LAN so local clients go directly to the private address.
Yep. It probably works quite well even between desktop, laptop and Android devices, but personally I have a home server running one instance. This allows me to always have the latest copies of files available for any of my devices and that's where the backups live too. Probably a Hetzner box or something should be quite cost effective way to have the same benefits.
I heard about this from another recent HN thread https://www.mobiussync.com however I haven’t had a chance to try it yet so I can’t attest to its quality.
Another Syncthing fan here. The software is great. But I used DO spaces for storage and it's pricy. One of my "to do" lists for 2021 is find a cheaper storage solution and move my backups over.
Wasabi is S3 compatible storage and costs $6/TB per month.
NextCloud and ownCloud can be set up to utilize Amazon S3 or Wasabi storage. This works really well and is very inexpensive. Both my GFs business files and my personal/work files all are backed up Dropbox style for less then $10 a month including web and mobile access.
I found NextCloud a little buggy compared to OwnCloud but it has more features and unfortunately I'm stuck with it for the time being and can't easily switch back to NextCloud. The sync works fine though.
I wouldn't trust that script too much: there is no error checking at all.
What happens when s3cmd fails and after two months you discover the "Vault sync succeded" emails you have been getting were all illusory?
If the author is reading: please take the time to update your example, including proper error checking (at least "set -eu"), otherwise the people on the internet that are going to copy your script are in for a hard time.
You'll never regret it and might be very very very happy it was there. And if you start with that, then as you work on the shell script, you'll be more likely to make the script be idempotent (checking for files before copying, checking for lines in files before appending/sed'ing etc.) Idempotent >> non-idempotent for "alter the state on an end point" things.
The options are good, but I don't like the IFS suggestion. Bash has a perfectly good way of dealing with spaces in array elements. Fixing the example in the article is as simple as adding double quotes around the array:
for name in "${names[@]}"; do
echo "$name"
done
The will not result in a single element, but will destructure each element of names, as if each were double-quoted, and will print the same output that the "strict mode IFS setting" does.
What's more, the double-quoted array solution will work even if the elements contain newlines or tabs.
Totally agreed. You can also temporarily turn it off and turn it back on again if you really need to by doing "set +e ... set -e". Sometimes it is more convenient to check errors explicitly, i.e. with test code where the test is expected to fail, but errors should fail fast by default.
I don’t know about never regretting. “set -e” is the right choice the vast majority of the time, but definitely has some gotchas to it. For instance, what does the following script print?
#!/bin/bash
set -e
(
echo "Start of Subshell"
(exit 1)
echo "This shouldn’t run, right?"
) || echo "Subshell failed"
Dropbox's killer feature is 'Online-only' storage IMHO, it allows me to store and access 300GB+ of music and other projects on my laptop without carrying an external HDD with me all the time. Every file is saved as a zero-byte file, which makes the files discoverable even though it's not stored on my disk. When I try to open the file it downloads it automatically, which works surprisingly well. And it's way faster than mounting DigitalOcean Spaces using s3fs for example.
Also Dropbox is cheaper: 12eu for 2TB, compared to DigitalOcean Spaces: 5eu for 250GB. And I can even access my files through the Dropbox API.
(And Office365 actually gives you 1TB per user (so 6TB) and 60 mins of skype per user (so 360 mins), plus online, mobile, and desktop versions of office).
But somehow I have the feeling that Dropbox > Google Drive > OneDrive at syncing. Anybody can confirm?
1) Get a Synology NAS.
2) Install the 'Synology Drive' package
3) set up 'Quickconnect' (~DDNS)
4) Remote backup can be though a number of providers (e.g. Backblaze) for cheap
No monthly fees. No domain needed. Storage is as cheap as the HDD's you stock it with. Your hardware and all your files are in your own house. Everything on BlackBlaze can be encrypted. You can set it up all through a webpage-based-GUI.
Technical, non-experts in computing stuff can do this. Not quite simple enough for the general public though.
This is what I use and I love it. Still working out what I want to do for backing it up to the cloud though. It has a very easy built on way to do that too, but im trying to figure out how "trust no one" I am with encryption and what exactly I really want to pay to keep around forever.
I have a QNAP for my whole family (Mom, Dad, Bro, Sis)... they can remote in and save pictures.
I then use cloudsync to backup to GCP nearline. All family pictures are there. Obviously, we don't store stuff that we don't want our mother to see. I take the risk of hacking, but a fire in my house is probably more likely than a hacking of my family photos on GCP. I figure just about everything else is ephemeral.
$5 for 250GB of storage and then $20 per TB ($0.02/GB) after that seems a bit steep.
Plans and Pricing
The base rate of a Spaces subscription is $5/month and gives you the ability to create multiple Spaces.
The subscription includes 250 GiB of data storage (cumulative across all of your Spaces). Additional storage beyond this allotment is $0.02/GiB. If you cancel your subscription by destroying all your Spaces, your bill will be prorated hourly.
I don't know what Hetzner is, but if rsync is available, it's a much better option, particularly if you can do incremental syncing you can get a fairly robust setup with very little code.
The BX30 in 7.90 before any country specific tax. But that is the 1tb price as the price per TB is discounted by volume (and you get more snapshots, etc.)
I tried, and tried to use Spaces for image hosting related to a site that I am building but it never worked for me. DigitalOcean support was responsive but useless. I got the same basic response over and over again for days on end. I did finally get a response acking my problem and that it would be assigned to an Engineer. The ticket was then closed the next day with no further comment. I re-opened it and asked about the status of the engineer looking at the issue and received back the same response I had already heard nearly a dozen times. I then re-closed the ticket, deleted my Space, and went back to AWS. :(
I had heard good things about DigitalOcean, but I would not use them or recommend them to anyone after that experience. The one primary issue I had was a showstopper but there was a lot of other bugginess.
That’s crazy. I’m using spaces on several projects and never had so much as a blip from them. If you don’t mind what was the showstopper issue for you?
Erroneous 503s. I would get a 503 on every call. Uploading a single file with a single call would immediately 503. I never once got a successful upload. I simply switched the endpoint URL and credentials over to AWS S3 and it worked first time so it was not my code (though I suppose it could have been an issue in the library AWS's node S3 client). My theory was the request was somehow malformed based on what DO was expecting and it was returning a 503 rather than a 400. But the request did work with S3.
I never claimed that this is 1 on 1 replacement for Dropbox. Dropbox is much much much more than what I am doing here. And I agree with you on that point. I choose DO because it is very easy to set up and get started with.
But for my needs this is all that I need and it solves my use case.
And regarding DO, its just one of the possible S3 providers out there. One could choose something else.
You could also go the route of using Backblaze for storage and Cloudflare for delivery. You'll pay $1.25 for the same 250gb ($0.005/gb) and get free bandwidth through CF.
If you're doing this more "quick and easy developer" style, Backblaze is definitely something worth following up. B2 would be way better for the cost ($0.005/gb). DO Spaces, Linode Object Storage and AWS S3 are all about the same price ($0.02/gb).
Though it's always worth testing based on use case. I use B2 for backups, which works great. But when doing some testing with a more interactive load, I really didn't like how many timeouts I got.
Yes. The specific prohibition is that you can't serve video from Cloudflare whatever your backend is (unless Enterprise account). You can read their tos or forum if you need.
I actually really like DO spaces, I use it for hosting a small audio podcast. One downside is they give you NO way to see your bandwidth usage, other than seeing whether you got a bill overage or not. It was pretty surprising to me that they HAVE the information for billing, but don't expose it to the user of spaces in any way.
Could you please expand on how you host a podcast and what software you use (or point to resources that can help)? I’m assuming you mean hosting the podcast audio files, not just RSS feeds to the episode files stored elsewhere. Thank you.
> To use this on Windows I suggest using Subsystem for Linux or Cygwin.
Unless you live inside these environments, an easier option would be rclone[1]. I use it on a regular basis to sync large loads to Digital Ocean Spaces, including its bandwidth limiting schedule to avoid saturating the residential uplink at inconvenient times.
The biggest (related) issue I run into running rclone from home is hitting the request speed limit on Digital Ocean Spaces. I frequently get the "Slow down!" error when backing up a bunch of small (<1mb) files.
I'd highly suggest Syncthing over this solution - no need to rely on 3rd parties for your data storage, let alone trust them with unencrypted copies of your data, if someone malicious worked at DigitalOcean and wanted to compromise you, it'd be trivial to put a malicious script in your Vault files. Especially if deplatforming is a concern something like Syncthing would avoid any reliance on a 3rd party that has visibility into your data.
I have a 50TB+ NAS in my garage rack. Which I'm not utilizing completely. I wonder if there is a market for renting out some of my storage for someone else's encrypted backups. Something like a website, where I can list my price/gb & connection speed -- or maybe people could swap. Maybe I want to store 5TB off site and I'm willing to let someone else store their 5TB on my server. The website would act as the middleman for introducing the two customers.
Siacoin and Filecoin are basically this; you can store small parts of files under contracts that give you crypto in return. Occasionally you'll get tested by the network to check if it's online, and you have the files you should have. A good use of crypto, though last time I looked the ROI wasn't great as a host.
That sounds more taxing on my connection than what I was thinking. Not really up for 100 connections, but if I'm matched up with 1 or 2 other users then that would seem ok.
From what I understand it doesn't really work like that - files get split in to 30 chunks on different providers, and you only need 10 to restore. Apparently "this means that if 20 out of 30 hosts go offline, a Sia user is still able to download her files."
I'm a long-time DigitalOcean user and I'm happy with most of their products, but I use Backblaze for S3-compatible storage. It's half the price of Spaces, and I get better transfer rates from my DigitalOcean droplet to B2 than I get to Spaces, even within the same DigitalOcean datacenter.
There are tons of companies offering S3-compatible storage, and there's not much difference between them, other than price. Performance capabilities are similar; they all limit bandwidth. All the ones I've evaluated charge for egress over a certain threshold. Some are more reliable than others. For personal use, there's not a whole lot of difference between them for me.
One really cheap alternative for some use cases is Office 365. For $99/year, you can get a family subscription, which allows six accounts. Each gets 1TB of S3-compatible OneDrive storage. If you can handle it being broken up into six 1TB chunks, it's by far the cheapest storage out there. For comparison, Backblaze is $5/TB/mo, and Office 365 gets you $1.37/TB/mo. I didn't end up using this option because the authentication mechanism was inconvenient for my automated use case and I didn't end up needing so much storage, but it's worth investigating if you're on a budget and don't need automated access via e.g. rclone mounts (or want to take the time to overcome the authentication issues I ran into).
I evaluated about a dozen S3 storage options for both backups and as backing storage for a personal Plex server (of media I own) and eventually settled on Backblaze because it's cheap, easy to use, and I didn't need more than 1-2TB in the end (since not a single one can keep up with streaming video bandwidth needs, I ditched the Plex idea).
The article, and many of the posts here, seem like a baroque expansion of this (in)famous original response to the Dropbox launch: https://news.ycombinator.com/item?id=8863. I can get off Dropbox by... writing my own shell scripts?
What's sad is that increasingly people are feeling that the price for these easy, convenient services is too high, in terms of privacy loss, data lock-in, and so on. Are we going back to the early 00s, when the tech-savvy people would roll their own solutions and everyone else... just has to lump it? Are hackers just being too idealistic? Or do organizations like Signal show a possible way forward?
With s3cmd you could use it with almost anything supporting S3. I work with AWS every day and am a bit shell shocked by it :) And for personal things I prefer DO. And my needs are low. My whole sync folder is about 5gb.
If that's what you are doing why not just go to Wasabi? It is cheaper, storage is the only thing that they do and downloads is free until the GB transferred is under GB stored per month.
> For customers that use Wasabi’s pay-as-you-go pricing model, Wasabi has a minimum monthly charge associated with 1 TB of storage ($5.99/month). If you store less than 1 TB of active storage in your account, your total charge will still be $5.99/month (plus any applicable taxes). See FAQ#4 for more details.
> With Wasabi minimum storage retention policy, minimum number of days are as follows:
> 90 days (default) for customers using Wasabi’s pay-as-you-go pricing model
It is six dollars a month per TB billed on a GB level with 1TB minimum, with no weird plan tiers with S3 compatible API and no stupid per API call charges, reasonable pull pricing ( either free or cheap ), not related to other accounts.
What, exactly is that level of control of $ spent ( as it is going to be lower than pennies ), that people want while maintaining reasonable reliability, stability, durability and scalability of storage.
Is it? I used to do something similar with a couple rsync commands. In fact I think the rsync solution is more robust because you can create incremental backups.
It does encrypted, incremental backups and can sync to many protocols including S3, DO Spaces, Dropbox, rsync, Mega.co...the list goes on. Super easy to set up. This is my go to backup solution for the cloud.
Once I "git reset --hard" the wrong repo and lost a lot of code. Had to use Dropbox's rollback feature to get it all back. Was not the first time Dropbox saved my butt. For me, a comparable alternative would need to have the same rollback features.
I must say, I concur with this person’s assessment of the Goog-exit feeling. I ditched GMail for Fastmail and my own domain last week. I had been putting this off for years because it seemed like such a massive pain in the ass and I was afraid that I would just end up with two email services.
In the end, it took me one evening to update every service that I cared about to use my new address. The rest (mostly e-commerce companies) I’ve been doing as I use them.
I didn't do any auto-responders. Frankly, email is kind of dead for p2p comms with friends so there's not many people to inform. Most difficult part I've encountered was getting my dad, who is old, on board. He keeps emailing me at my GMail.
I stopped using Dropbox as soon as C. Rice was put on the board. Tried tarsnap which was great did everything I wanted but I ended up using Arq instead, have had zero issues with it.
I went down a bit of a rabbit hole of Digital Ocean and their "security" for production workloads.
> Show me any other vps provider that silently provides access to customer A's data to customer B after receiving commands from customer A to destroy their instance and then I'll believe you guys aren't at the very bottom of the "takes security seriously" list.
> You do not need to scrub or write anything to not provide user A’s data to user B in a multi-tenant environment. Sparse allocation can easily return nulls to a reader even while the underlying block storage still contains the old data. ... On top of all of that, when I pointed out that what they were doing was absolute amateur hour clownshoes, they oscillated between telling me it was a design decision working as intended (and that it was fine for me to publicize it), and that I was an irresponsible discloser by sharing a vulnerability.
> You've got an additional problem though, which is that this tells us you have two support channels: one that doesn't work (i.e. yours, the one you built), and one that does (Twitter-shaming). The first channel represents how you act when no one's watching; the second, how you act when they are. Most people prefer to deal with people for whom those two are the same.
Speaking of randomly locking accounts, the post-mortem kills me:
> The initial account lock and resource power down resulted from an automated service that monitors for cryptocurrency mining activity (Droplet CPU loads and Droplet create behaviors). These signals, coupled with a number of account-level signals (including payment history and current run rate compared to total payments) are used to determine if automated action is warranted to minimize the impact of potential fraudulent high-cpu-loads on other customers.
In other other words, DO will kill your account with a curt email staring simply: "We have reviewed your account and have declined to activate it. No further information or action is required from you." for simply using "too much CPU"! https://pbs.twimg.com/media/D76ocofXoAY_xB5.png
Is there anything commercial that is both cheap and popular that doesn't cut corners to get there?
edit: Point being, I don't see how DO could get their act together as their business model essentially requires them to act like this. If they don't cut corners in one area then they will somewhere else.
They don't have to treat the customers as the enemy. They do so by choice.
The root cause of the "DO killed our business" situation was that DO accepts credit cards for payment but provides "cash equivalent" as the product: Rented CPUs can be used crypto mining. But from the "outside" it's practically impossible to distinguish between crypto mining and legitimate high CPU usage, they "look" the same.
Hence, DO felt that they were "forced" to kill everyone that signs up with a credit card and starts their CPU at 100% load, because a significant percentage of the time that's some hacker using a stolen credit card number to mine Bitcoins.
DigitalOcean feels forced to treat customers as the enemy, because a significant percentage is the enemy.
However, this business model of "we give you cash for credit cards" is their choice! Nobody forced them to do this. Credit cards aren't legally mandated tender.
Not every shopping centre till provides a cash out service. Some take on this risk. Some don't. I've noticed that less well-to-do areas of my city don't offer this service, but the more posh areas with lower risk do offer cash out. Does the shopping centre get burnt by this sometimes? Yes, but that's their risk to bear.
Digital Ocean is like a shopping centre in a low-rent district full of drug addicts that offers cash out. That's their choice to accept that much higher level of risk. What they're doing however is passing on the consequences to their customers. They're not bearing the risk. It's your risk to bear that other customers mine crypto on DO droplets.
So what alternative does DO have, you ask? They could just ask customers to transfer money up-front, much like pre-paid SIM cards. Many other companies operating in high-risk customer markets do this kind of thing. Heck, Azure and AWS do exactly this: They offer enormous discounts if you pre-pay. Absolutely huge, like up to 50% or even 80% off! See: https://azure.microsoft.com/en-us/pricing/reserved-vm-instan...
So this is what DigitalOcean should do: When you sign up, on the next page after you've created your account it should give a full-page choice screen with two columns:
Column A: "Prepay for savings and guaranteed service levels" -- blah blah blah, we won't randomly kill your account, and you get a 20% discount!
Column B: "Credit card sign up" -- blah blah, ideal for dev/test, ideal for non-critical workloads, we may suspend your account if the usage exceeds certain thresholds, etc...
What kind of digital ocean plan did you get for your setup ? I've been thinking about putting together something similar but the price to get a reasonable amount of space seemed prohibitive.
Dropbox does a great job syncing a large number of small files -- I believe they compress the small files somehow before uploading to the cloud. And plenty of other optimizations that make me happy to pay Dropbox's premium. Otherwise, Google Drive and OneDrive are cheap alternatives too.
High efficiency and very high performance trustless backup setup: send incremental (encrypted, compressed) ZFS snapshots to rsync.net, hetzner, or buyvm. This produces smaller backups than rsync or similar tools, produces them faster, and also shields your data from prying eyes, as it’s all encrypted when it leaves your machine.
For your secure backups, I can suggest Tarsnap by Colin Percival, who's a security expert and a frequent contributor on Hacker News. I don't get anything for recommending Tarsnap; I'm just a customer. https://www.tarsnap.com/